Fishing, shmishing...whatever...don't get had!

in LeoFinance4 months ago (edited)


Wednesday began as it usually does. With dustbins and shopping lists. The former is The Husband's job and the latter is a kind of joint effort that starts with meal planning (yes, I know I've promised...it's on another list...) and culminates with his famous spreadsheets. He "translates" the paper scribbles, notes prices and, well, generally does what he's done for the last nearly 20 years. Shopping over the weekends is hell. When the practice began, he didn't have a regular day job. Truth be told, he has a lot more focus and discipline than I. He's a lot less distracted by potentially interesting things might not be on the list.

Anyhow, not long after he'd sat down to perform the ritual, his phone pinged. It was the bank:

Suspected unauthorised transaction ZAR 13k on your account. Phone xxx number.
The number looked legit: just like a Johannesburg number, and where the bank's head office is. The Husband called.

To say that tech and the Internet of things frustrates The Husband is an understatement. He views them as a mostly (un)necessary evil. His phone is not smart. Although after this experience, it will have to smarten up. A lot.

They get you in a tizz


What followed got both of us in a tizz. He'd gone into the garden to make the call. Because we live in what amounts to a Faraday cage so mobile phone reception is dodgy. He came back into the office, phone stuck to his ear, white as a sheet:

Nigerian hackers – they’re active now!

Don’t log in! We’ll help you!

He went to his computer, following instructions to open his browser to the Google search page. There was an urgency because the implication was that he/we should be catching the culprits red-handed. Of course, under that pressure one does what one is asked.

At this point, I'm helping because of the level of The Husband's discombobulation. There is a little voice at the back of my head that's a bit unsure, but the threat of someone clearing out what little money neither of us - mostly in overdraft - has, is nothing short of terrifying. On speaker, with a heavy Indian accent, hard to understand, Mister F shrilly issues panicky commands.

At one point, I muttered to the Husband,

Are you sure it's the bank?
His response,
He answered, XY Bank Fraud Division
Among the commands to follow was downloading an app Ultarviewer. Believing one's talking to the bank's FRAUD division ...

Letting them in

Now I've done some homework, some of Mister F's evident excitement was because it's a small app. It's a quick download. I was taking too long, he was probably beginning to think he might be uncovered.

It was installed and yes, I let him in. That, too, took a while because his diction and connection were indistinct. And, he did not understand me.

Another warning. Had I paid attention through all the noise - literal and figurative. There was a great deal of evident background noise at the other end of the line.

Then, Google open, and interestingly not in the browser The Husband usually uses, but Microsoft Edge:

You see that? That's your IP address. It's public. That's how hackers get in.

Now, let's log you in.

The Husband does. To the bank. Nothing's amiss. The Husband's relief that "everything in order", is palpable. Mr F sees that there's virtually nothing in the account.

Done with The Husband, he changes tack. A victim not worth the effort.

Your wife, she also banks using this network, right?
Wrong. Sort of. Never from that PC, anyway, and using a different browser. I say so.
But it's the same internet connection. Log in. We need to secure the account.
I try. It doesn't work. Even with the correct details. He doesn't believe me.

More commands

I know I've not made a mistake, but now I'm in in such a state, I tell him
Stop shouting at me! You're making me make mistakes! Tell me exactly what you're doing and why.
Then he, wait for it: tells me where in my phone app to find all my login details.

Then

We're in. Next he says
On your phone, open the Playstore.

I draw the line.

Ok.
The "bank" screen is open. My profile is there for all and sundry to see. Like The Husband's it has very few zeroes and a couple of minus signs, to boot.

The call drops.

The Husband tries to call back. Twice. We want to be sure that the accounts have been secured. Each time the call drops.

Another cup of coffee

Having "seen" that nothing was amiss, we both kind of calm down and have that second cup of coffee.

Listening to that little voice

As I was staring into that coffee, that little voice began to boom.
Love, I think we should both change our passwords.
Notwithstanding the stress of having to dream up new usernames and passwords - and remember them - we both did.

The Husband also resolved to go into the bank when he was in town and to report it. From the branch, they had him talk to the real fraud department.

Turns out, we're not alone. This is the flavour of the month and they've had a slew of similar, if not the same incidents, over the last few days; with the same modus operandi, using the same apparently "legit" numbers.

Hindsight - what we should have seen


The first sign was the text message. On closer inspection, it was definitely not the bank's standard format. In number, structure or convention. Given the threat of a breach on one's account, one looks past that.

Lesson one.

Mr F's accent and manner: our bank uses local agents with local accents.

Lessons, two, three, four...

Our bank's "usual" call centre agents -

  • do not just speak clearly, they are calm and polite and more to the point, patient to a fault
  • work hard at calming the customer down and resolving the problem
  • never ask the customer to download an app to look around one's computer - and profile. They don't need to.
  • always ask one to log in to one's profile without asking one to share details
  • access one's profile from the bank system without having access to one's PC. If need be, they can see what one's doing. Usually, it is not their business.
We learned, the hard way, about smishing.

Lessons learned. Be warned. Be alert.

Until next time, be well
Fiona
The Sandbag House
McGregor, South Africa


Photo: Selma Post script If this post might seem familiar, it's because I'm doing two things:
  • re-vamping old recipes. As I do this, I am adding them in a file format that you can download and print. If you download recipes, buy me a coffee. Or better yet, a glass of wine....?
  • and "re-capturing" nearly two years' worth of posts.
I blog to the Hive blockchain using a number of decentralised applications.
  • From Wordpress, I use the Exxp Wordpress plugin. If this rocks your socks, click here or on on the image below to sign up.

  • Join Hive using this link and then join us in the Silver Bloggers' community by clicking on the logo.

Original artwork: @artywink
  • lastly, graphics are created using partly my own photographs and Canva.
 

Posted from my blog with Exxp : https://fionasfavourites.net/fishing-shmishing-whatever-dont-get-had/
Sort:  

Great post, and a timely reminder to be vigilant for these type of scams. I tend to take great delight in toying with such scammers, keeping them on the phone line for as long as possible, by pretending to be an idiot and not understanding about technology or how to do what they are asking. I follow their instructions to the letter, but I know for a fact that it will not work on my system. One simple factor that they never seem to consider, nor to even check on, is what operating system I'm running. They give you these instructions for how to download and install their particular malware, sure. But what they neglect to check on is whether such software is compatible with my computer. Sorry, your Windows binaries (*.exe) just will not run on my GNU/Linux-based computer! 😆

Ha ha, yes I had fun stringing them along when we went through a slew of these calls and I had time!

Mess with their time and money they eventually move on, phone calls cost money 🤣, while they busy with you for long periods they not calling someone else!

while they busy with you for long periods they not calling someone else!

Yep, my thoughts exactly! 😜

Wicked fun on the sideline, they become so flustered, some even swear at you...., then you know they know you are tagging them 😜

Ah, but the majority of victims don't have your tech savvy or the confidence to string them along! Wish I did!

Bless. Good lessons for us all 🙏


The rewards earned on this comment will go directly to the person sharing the post on Twitter as long as they are registered with @poshtoken. Sign up at https://hiveposh.com.

Hi Fiona, hubby had a similar call, unclear & foreign sounding accent. Hubby gave the phone to me as he could hardly hear, thought it was something to do with the bnb. Same story...a Nigerian account is trying to draw R4000 from your account. I'd read about this scam, so told him we'll rather contact our bank directly. He got quite angry and asked if I was happy that someone is going to scam us out of money. I told him he was the scammer so he cut the call! This needs to be shared far and wide as some people have obviously been scammed already!

Yes, indeed. In this case, we didn't receive the call, it was a number we called. Very clever. Lesson: end the call, verify the number by checking the website/one's correspondence and phone back/again. Very happy if you share this. It's also on my WordPress site and where peeps not on the blockchain might find it easier to comment.

Same scammers raising their game once again this happened about five years ago when many of my son's customers answered the call, one pensioner badly scammed of R40k all her money gone!

Never take any calls to/from banks via phone, unless you call them! Never open SMS or WhatApp or any other way they try, email is another. If you have not requested or done anything, don't panic, phone your own bank on a number you know is reliable and report it.

I was scammed at an ATM, they were parked outside the building and able to get information. Never use ATM's, draw within Pick n Pay or bigger stores, most will oblige giving cash when paying a transaction.

My scam what happened, I got notification 'maximum' of R3k was withdrawn within minutes at Marianne Hill my bank notifies me of all movements. Next they moved to second place to try another R3k exceeding limit I had set. Visited Police Station for Case Number same day (about 8 years ago). Went into the bank (when branches still had reasonable service available) reported fraud and handed over Police report. Lucky those days banks paid back when proven fraud happened, I believe this no longer happens!

Be vigilant, stay safe and thanks for warning Fiona, sadly no-one is ever totally safe. This type of trick is used by scammers saying they are a bank, or you won something, even as MicroSoft technicians trying to gain access to your machine, never switch on your machine to oblige, rather save work and shut-down, tell them your machine does not work, could they give you a number to contact them back.... 😌

!LUV

Oh, boy, I've learned a lesson. A friend of mine, her late husband and in financial services, was phished. It can happen to anyone. As you say, one has to be hypervigilant and suspicious. Sad, really.

Don't feel bad, day and age we live in! I know of very few who have not been scammed in one way or another. At least you became suspicious and notified bank quickly.

Thank goodness nothing happened, but scammers are always coming up with new tactics, and we have to be on the alert. Here is widespread this type of scam; there are even gangs that make calls from prisons; it is crazy. And also, scams with currency exchange operations are widespread, as we have so much inflation, it is very common that people make operations between individuals and that is where the bandits try to take advantage.

We must always keep in mind that nowhere in the world, a bank asks us to install an application or ask our passwords to access data to our accounts. Sometimes with the nerves of the moment to believe that we are being scammed, we can forget things like that. But we have to keep calm and not let ourselves be carried away by our nerves, which is when fraudsters take advantage of us.

Thank God nothing to regret happened.🤗

Indeed, grateful all's well that ends well. And you're so right that in the moment we can get carried away by our nerves!

I can't tell you how many similar experiences I've had, though not with a bank, not in many years. I have learned the hard way; Never click links in emails or private messages. Always if I get something, I go straight to the source (website, not through any links) and check.
Then I report any of those messages (forwarded to the applicable spam/fraud reporting email address)
Trouble with me is, that here in America, EVERY bloody support entity uses folks from India or the Philippines (for example) it is very rare indeed that I get a non accented voice on the phone.
great post @fionasfavourites

↑Upvoted↑and←Reblogged→

and
Followed

I usually have a healthy dose of jaundice and have never really been scammed. Touch wood. Some of the big entities use offshore call centres. However, we (South Africa) also happens to be a site of lots of outsourced centres and the banks, as far as I know, for security reasons only use locals. A friend - on a road trip called BMW for help. He spoke to India.

Appreciate your stopping by.

This is a great article. I wish I had seen it sooner (within the 7 day window).

Someone once said something that stuck with me: never deal with anyone (bank, insurance, Amazon, etc.) unless YOU initiated the call. And always look up the number to call from an official source. It is a simple way to protect yourself.

This advice has saved me again and again and again. There were a few times the bank really did call me and I explained that I needed to phone them because I worry about phishing. They were very understanding and, actually, thought it was sensible. That was a clue that it actually was the bank!

Of course, the many times that I get calls saying I am to be arrested... I don't call anyone. First, I know I follow the law. Secondly, I think the police are not so lazy that they would simply phone to tell me I am being arrested. I think they might stop by. Yesterday, I got a call that my social insurance number (Canadian income tax number like a US social security number) was being canceled. What utter nonsense.

I get "alarming" emails every day saying my payment for Spotify, Netflix, etc. was declined. I check the sender and it's always a lie. Even if it looked legitimate, though, I would not click on the link in the email.

The other day, I got emails saying my Crypto.com account was compromised, which mighy have been alarming if I had a Crypto.com account. Ha!

It's getting to the point where it's very difficult to take anything seriously at all.

Anyhow, great article. Important. I hate that they tend to target older people who they believe will be less tech savvy. It makes me grateful that my Dad is too cranky to be duped. He simply refuses to bank online or do any financial transactions online.

He got his first cell phone last month because I foisted it on him. Lol, but true.

Ah, @harlowjourney thank you for stopping by. I am as suspicious as you. Funnily enough, two or so days ago, I got the same text message as The Husband had. It actually occurs to me to update this post - with screenshots of the difference between that message and what one would get from the bank. The Husband now has a smarter phone but hasn't set up his app. I also tend to look twice at text messages because there's so much spam.

I'm glad you found this useful. Appreciate your stopping by.

PS You do know that you can use the tip feature to reward posts that are past their payout? If you feel so inclined.

It has been weighing on my conscience to mention that either the tip function does not exist in Ecency or I am unequal to the task of locating it. I rarely (almost never) use any other interface. I wanted to mention this because I upvoted another of your posts instead, and I didn't want you to think I ignored your suggestion. The opposite -- I am still thinking about it. Ha ha. But seriously.

I will check @ecency when next at my desk. I can't see it on my mobile. I do know that it used to be possible with an ! + tip with no spaces. You could give it a try. I use PeakD almost exclusively at my desk and for comments so I am no real help...🤦‍♀️

Tipping exist on our website, http://ecency.com. On mobile app we will add in future updates but website accessible from mobile too.

Ecency has tipping option please check ecency.com to try and learn how it works beside HIVE and HBD, you can tipping Ecency points as well.

Appreciate the reply @ecency. There you go @harlowjourney